mirror of
https://github.com/systemd/systemd.git
synced 2024-10-31 16:21:26 +03:00
resolved: add missing error code check when initializing DNS-over-TLS
parent
e22c5b2064
commit
71a681ae50
@ -194,14 +194,15 @@ void dnstls_server_free(DnsServer *server) {
|
|||||||
gnutls_free(server->dnstls_data.session_data.data);
|
gnutls_free(server->dnstls_data.session_data.data);
|
||||||
}
|
}
|
||||||
|
|
||||||
void dnstls_manager_init(Manager *manager) {
|
int dnstls_manager_init(Manager *manager) {
|
||||||
int r;
|
int r;
|
||||||
assert(manager);
|
assert(manager);
|
||||||
|
|
||||||
gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
|
r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
|
||||||
r = gnutls_certificate_set_x509_trust_file(manager->dnstls_data.cert_cred, manager->trusted_certificate_file, GNUTLS_X509_FMT_PEM);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_error("Failed to load trusted certificate file %s: %s", manager->trusted_certificate_file, gnutls_strerror(r));
|
return -ENOMEM;
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void dnstls_manager_free(Manager *manager) {
|
void dnstls_manager_free(Manager *manager) {
|
||||||
|
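Review bot: As this page renders it, the new `dnstls_manager_init()` no longer calls `gnutls_certificate_set_x509_trust_file()`, since that call and its `log_error()` appear only on the old side, so `cert_cred` is allocated but no trust anchors are loaded in this function. The +/- markers are lost in this rendering, so check the raw diff before acting on this. If the call is really gone, the commit should say where the trust store is loaded instead, because verification against empty credentials cannot validate a server certificate. Separately, `if (r < 0) return -ENOMEM;` discards the GnuTLS error code; logging `gnutls_strerror(r)` before returning, as the old error path did, would keep the cause visible.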
@ -344,17 +344,21 @@ void dnstls_server_free(DnsServer *server) {
|
|||||||
SSL_SESSION_free(server->dnstls_data.session);
|
SSL_SESSION_free(server->dnstls_data.session);
|
||||||
}
|
}
|
||||||
|
|
||||||
void dnstls_manager_init(Manager *manager) {
|
int dnstls_manager_init(Manager *manager) {
|
||||||
int r;
|
int r;
|
||||||
assert(manager);
|
assert(manager);
|
||||||
|
|
||||||
ERR_load_crypto_strings();
|
ERR_load_crypto_strings();
|
||||||
SSL_load_error_strings();
|
SSL_load_error_strings();
|
||||||
manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
|
manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
|
||||||
if (manager->dnstls_data.ctx) {
|
|
||||||
SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
|
if (!manager->dnstls_data.ctx)
|
||||||
SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
|
return -ENOMEM;
|
||||||
}
|
|
||||||
|
SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
|
||||||
|
SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void dnstls_manager_free(Manager *manager) {
|
void dnstls_manager_free(Manager *manager) {
|
||||||
|
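Review bot: The return value of `SSL_CTX_set_min_proto_version()` is still ignored after the new NULL check on `ctx`. It returns 0 on failure, and if that goes unnoticed the context keeps the library's default protocol floor instead of TLS 1.2; since this commit is about missing error checks, I would add `if (SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION) == 0) return -EIO;`. `SSL_CTX_set_options()` returns the resulting option mask rather than a status, so a `(void)` cast would document that ignoring it is deliberate. `int r;` is declared but unused in the lines shown.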
@ -31,5 +31,5 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count);
|
|||||||
|
|
||||||
void dnstls_server_free(DnsServer *server);
|
void dnstls_server_free(DnsServer *server);
|
||||||
|
|
||||||
void dnstls_manager_init(Manager *manager);
|
int dnstls_manager_init(Manager *manager);
|
||||||
void dnstls_manager_free(Manager *manager);
|
void dnstls_manager_free(Manager *manager);
|
||||||
|
@ -598,7 +598,9 @@ int manager_new(Manager **ret) {
|
|||||||
log_warning_errno(r, "Failed to parse configuration file: %m");
|
log_warning_errno(r, "Failed to parse configuration file: %m");
|
||||||
|
|
||||||
#if ENABLE_DNS_OVER_TLS
|
#if ENABLE_DNS_OVER_TLS
|
||||||
dnstls_manager_init(m);
|
r = dnstls_manager_init(m);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
r = sd_event_default(&m->event);
|
r = sd_event_default(&m->event);
|
||||||
|
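Review bot: The new `return r;` leaves manager_new() before `sd_event_default()`, so whatever releases `m` now runs on a manager whose `dnstls_data` failed to initialize. The declaration of `m` and the rest of the function are outside this hunk, so it is not visible whether `dnstls_manager_free()` tolerates a NULL `cert_cred` or `ctx`; that should be confirmed. The early return also makes a TLS-library initialization failure fatal for the whole resolver, presumably even when DNS-over-TLS is not enabled in the configuration. If that is intended, a short comment above the call such as `/* DNS-over-TLS state is required even if the feature is off at runtime */` would say so; otherwise logging a warning and continuing, as the config-parse path just above does, may be the better fit.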